Hacker Times

Disclaimer: Apple employee, but not working on anything related to this.

You can achieve a privacy-focused solution by doing the processing locally. I am looking forward to more HomeKit Secure Video compatible hardware becoming available. The idea is to process the video feed locally on an Apple TV or iPad, and then send notifications to your iPhone. An encrypted video can be uploaded to iCloud upon detecting some motion.

Also... with the photo library available on the Apple TV, I guess face detection in the video feed might be possible in the future.



Disclaimer: I left Apple in June.

Processing on local devices is slightly better but ultimately it’s cold comfort when those devices are locked down, closed source, and opaque to anyone but hackers.

From the end customer perspective, the only protection was Apple’s customer-focused business model, which is now slowly tilting from “sell slick technology products” to “monetize the user base.”

Another solution is needed. Since I created Dropcam (Nest cam), I am working on fixing this: send us a message at https://duffy.org if you want to learn more.


Hmm... this is interesting. I would like to learn more about how this works. Given Apple's history, my guess is they won't advertise such solutions until they have either developed their own camera, or have struck some deal with a 3rd party. I'd still likely plunk down the inflated price if their privacy model was actually proven.

I've looked into flashing a CFW on a cheap Xiaomi IP camera, running ZoneMinder and a NAS for storage and backups and whatnot, and while setting all this up is pretty trivial, I feel like I'd be better off just paying for a commercial system rather than administering my own. But then you look into the security practices in such systems and well, let's just say, off the shelf isn't really a great option either.


I used to work at a startup that built products for parents of infants and toddlers, such as "smart socks" to monitor babies' vitals, and was involved in the late-stage development of their smart baby monitor camera, which released last year. (A quick web search of certain terms above should give you a good guess as to which company I'm talking about.)

They—and dozens of other companies—use off-the-shelf commodity components from the Chinese corporation Aoni, and their camera is essentially the device linked below, but in a different case: http://anc.cn/ip-camera/smart-wireless-cube-camera/smart-wir...

Check the specs, as well as the general appearance of the thing from the front.

While inspecting the traffic coming in and out of this thing, I saw it making a ton of requests to really weird Chinese IP addresses and uploading a lot of data. It was encrypted, so I couldn't tell for sure what it was, but it presumably was video footage. I raised these concerns to others on my team, but besides a "huh, weird", none of them seemed to care enough to investigate further or properly escalate it. I was just a temp, so I didn't have the pull or influence that full-time employees had.

It was really concerning to me that this stuff wasn't properly addressed, but instead was swept under the rug, despite the fact that it's going to be pointed at babies and toddlers. There are some real disgusting folks out there who will take advantage of this, if they haven't already, especially since it has the same two-way audio that "Santa" used with the Ring cameras.

(If any of my former co-workers are reading this, I genuinely don't mean you any ill will in particular. But the company really needs to fix those issues, and not simply re-case commodity camera systems from surveillance states. There's obviously a backdoor, and if Aoni/China can access it, so can the aforementioned disgusting people.)


Yeah, this is pretty much my understanding from reading Reddit threads and tutorials for running custom firmware. Even if you disable whatever 'cloud' option your hardware ships with and run off, say, an SD card, your data is still being dumped somewhere in China if you allow your device to talk outside of your LAN.

It's a pretty sad state of affairs when there are no real viable options for consumers if you care about security.



